From the Office of the Privacy Commissioner of Canada:
On the occasion of International Data Privacy Day, a special report to Parliament by the Office of the Privacy Commissioner of Canada, with specific recommendations to address current issues surrounding privacy and national security, was tabled in Parliament. Building from consultation with a range of experts and civil society, the Office’s report makes a series of recommendations for Parliament to consider in order to strengthen privacy protection. Specifically, it suggests ways to increase transparency, modernize privacy laws and bolster Parliament’s oversight role.
“Revelations surfacing over the past months have raised questions among many Canadians about privacy in the context of national security,” said Interim Privacy Commissioner of Canada Chantal Bernier. “While a certain level of secrecy is necessary within intelligence activities, so is accountability within a democracy. Given our mission to protect and promote privacy, and our responsibility to provide advice to Parliament, we are putting forward some recommendations and ideas for Parliamentarians to consider on these important issues.”
The report recommends measures to increase transparency when it comes to privacy protection to give Canadians a better understanding of the collection, use or disclosure of personal information in the context of federal intelligence activities.
For example, the Communication Security Establishment Canada (CSEC) could make public more detailed, current, statistical information about its operations regarding privacy protection, and submit an annual report on its work to Parliament, as does the Canadian Security Intelligence Service (CSIS).
Reforming federal privacy laws
The report also renews recommendations to amend privacy laws to increase the accountability of federal institutions collecting personal information, as well as businesses that share personal information with authorities.
The Privacy Act, which applies to federal institutions, should require organizations to demonstrate the necessity for collecting personal information and to better promote privacy when such data is exchanged with foreign governments. Changes should also be made to broaden the grounds for Federal Court review to cover institutions’ collection, use and disclosure of personal information.
The report however noted that while the Privacy Act applies to security agencies, CSIS and CSEC are subject to oversight by dedicated, specialised bodies in the form of the Security and Intelligence Review Committee and the Office of the CSE Commissioner. Parliament has entrusted these bodies to monitor the compliance of CSIS and CSEC with their respective enabling legislation and, among other things, privacy protection.
While oversight for privacy protection in the national security context is divided among multiple bodies, the Privacy Act does not allow the OPC to cooperate with the others. As a result, the report recommends the Act should be amended to enable cooperation.
The report also recommends amending the Personal Information Protection and Electronic Documents Act, the federal private sector privacy law, to require private sector companies to publicly report on the use of disclosure provisions that permit organizations to share personal information with authorities without individuals’ consent or court oversight.
Focusing on Parliament’s oversight role
The report recommends as well that a Committee could undertake a specific study of Canada’s intelligence activities and oversight involving academic, civil society, legal, technology and intelligence experts.
“By submitting this report to Parliament, our goal is to contribute to a constructive debate about accountability for the protection of individuals’ privacy in this new age of national security threats,” added Interim Commissioner Bernier. “In striving to protect public safety, it must not be forgotten that the right to privacy is fundamental in our democracy.”
About the Office of the Privacy Commissioner of Canada
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two federal laws for the protection of personal information: thePrivacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to organizations engaged in commercial activities in the Atlantic provinces, Ontario, Manitoba, Saskatchewan and the Territories. Quebec, Alberta and British Columbia each has its own law covering the private sector. Even in these provinces, PIPEDA continues to apply to the federally regulated private sector and to personal information in interprovincial and international transactions.